new technology, including the specification of new products that adhere
to the standard. The implementation of a standard makes the process of
evaluation, and ultimately comparison with other technologies, much more
straightforward and also enables comparisons to be made more effectively
with technologies that are clearly different to the standard.
Unfortunately, the standard itself does not mean that an end user is
proficient enough to evaluate against it correctly, and there is always the risk
of bias affecting any qualitative judgments that have favorable market
consequences for the enterprise concerned. This is normally addressed by the
use of an impartial third party, who can conduct the evaluation without
any vested interest and, through the process of auditing, can certify that a
given standard or standards have been complied with. This process is more
rigorous in terms of quality assurance and more expedient in that end users
are not repeatedly conducting evaluations, an activity that they are not
practiced at.
The certification process consists of an approved auditor inspecting the
system or infrastructure to be scrutinized, and then making an assessment
against a set of formal criteria. The criteria assessed must be satisfied
for a certificate of compliance to be awarded. Having such a
scheme in place is invaluable when faced with the prospect of selecting a
provider of services; a simple filter is whether the candidate service provider
has the relevant certification. From then on, there is the assurance that the
standards for that particular domain have been certified.
Table 19.2 summarizes some of the more prevalent standards that are
applicable to cloud computing. The multiplicity of standards does imply
overlap, and this can create complications for organizations engaged in
a variety of industrial domains (public cloud providers, for instance).
Having said this, should an enterprise that already has certified
compliance with a standard decide to select a cloud provider, the details of the
compliance will make comparison with the cloud provider's offering more
straightforward.
The Cloud Security Alliance (CSA) is a not-for-profit organization that
provides recommendations for the planning and implementation of security in
cloud systems. Its mission is as follows:
To promote the use of best practices for providing security assurance within
Cloud Computing, and provide education on the uses of Cloud Computing
to help secure all other forms of computing.
https://cloudsecurityalliance.org/
It comprises technology vendors, users, security experts, and service
providers, who collaborate to establish industrial standards for the execution of
secure cloud environments. The CSA has an international remit and
organizes conferences and local meetings to exchange ideas with regard to cloud
security. This focus upon security has led to the publication of research into
cloud computing, including users' experiences of compliance with the
myriad standards.